New Metasploit Pro 3.6 Improves Testing Efficiency And Delivers Enhanced Compliance Reporting

Metasploit Pro addresses the needs of penetration testing experts who require advanced features to compromise networks deeper and faster

March 7, 2011

PRESS RELEASE

BOSTON--(BUSINESS WIRE)--Rapid7®, the leading provider of unified vulnerability management and penetration testing solutions, today announced Metasploit Pro™ 3.6, a significant upgrade to its penetration testing solution with the addition of advanced features to help security professionals and penetration testers improve network security testing efficiency. Now enterprises, government agencies and consultants using Metasploit Pro can benefit from an enhanced command-line feature set for increased proficiency and detailed PCI reports with pass/fail information for a comprehensive view of compliance posture with PCI regulations. Metasploit Express™ and the free, open source Metasploit® Framework also saw several improvements with this release.

Metasploit Pro is the latest enterprise-class solution that addresses the needs of penetration testing experts who require advanced features to compromise networks deeper and faster. Metasploit Pro exceeds the functionality of Metasploit Express, the solution that brings affordable, comprehensive and easier-to-use penetration testing to organizations with limited time and budgets. These commercial editions were built off the solid foundation of the Metasploit Framework, the most widely used and mature penetration testing solution in the market with more than one million unique downloads in the past year and the world’s largest, public database for quality assured exploits. Since version 3.5.1, 14 exploits and 48 additional modules have been added to the Metasploit Framework.

To help security professionals stay ahead of threats, Rapid7 has added the following features:

* Metasploit Pro Console - Only available in Metasploit Pro, this console is for penetration testers who have become highly accustomed to the easy-to-use command-line interface of the Metasploit Framework, but also require the powerful automation capabilities of Metasploit Pro. With the addition of advanced network discovery, automated exploitation, evidence collection, smart brute forcing, and reporting capabilities to the existing features of the Metasploit Console, the results are immediately visible through the standard Web interface, allowing collaboration between team members using a mix of GUI and Console interfaces.
* PCI Reporting - A feature only available in Metasploit Pro, which generates reports for PCI DSS compliance with pass/fail information for applicable PCI DSS requirements. The PCI standard requires both vulnerability management (11.2) and penetration tests (11.3); therefore, to facilitate compliance with requirement 11.3, Metasploit Pro now includes a detailed, actionable report on an organization’s security posture regarding requirements two, six and eight, which include password and secure systems maintenance. In addition, organizations can leverage Rapid7’s vulnerability management solution NeXpose® to comply with requirement 11.2.
* Project Activity Report - A feature found in Metasploit Pro and Metasploit Express, organizations can now create a PDF report on the exact tests they run at the technical level. This enables clients of a penetration testing firm to retrace the steps that led to a successful assignment.
* Asset Tagging - An advanced feature of Metasploit Pro that allows users to freely assign tags to assets based on multiple criteria such as compliance, operation workflow and team collaboration on different operational units. Tags may be used to classify assets and document security findings, with direct integration into the reporting engine. This facilitates improved project management and reporting, in particular for large penetration testing engagements.
* Global Search - Found in Metasploit Pro and Metasploit Express, global search benefits users working on teams across various projects, with the ability to now search for tags, host names, IP addresses and annotations across projects and team members. This advanced search makes it easier to find information from previous projects or from other team members.
* Post-Exploitation Modules - This feature, found in all Metasploit editions, includes more than a dozen modules that can be run on exploited systems to perform actions such as gathering additional information, pivoting to other networks and elevating system privileges. New post-exploitation modules can be quickly added by Rapid7 as part of the weekly product update. In addition, Metasploit Pro and Metasploit Express provide the ability to run post-exploitation modules on multiple systems simultaneously.

“Many penetration testers told us they like the efficiency of the features in Metasploit Pro for network discovery, smart brute forcing and exploitation, but also enjoy the traditional command-line interface of the Metasploit Framework,” said HD Moore, Rapid7 CSO and Metasploit chief architect. “With this release, we’ve made these features available as part of a command-line interface to Metasploit Pro so seasoned penetration testing experts can work in the medium they are most comfortable with using.”

These advanced features and Metasploit Pro 3.6 will be available immediately.

For an overview and comparison of features in the latest Metasploit editions please visit our blog at http://blog.rapid7.com/?p=6048.

To download a fully featured trial version, visit http://www.rapid7.com/downloads/metasploit-pro.jsp.

About Rapid7

Rapid7 is the leading provider of unified vulnerability management and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits. To obtain a free download of NeXpose or Metasploit, please visit http://www.rapid7.com/resources/free-downloads.jsp.
